Set Docker permissions during the build process (#6514)

* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown

Set Docker permissions during the build process (#6514)
be9bab17 · Eugen Rochko · GitHub · 71248812 · be9bab17 · 71248812
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
 LABEL maintainer="https://github.com/tootsuite/mastodon" \
      description="A GNU Social-compatible microblogging server"

-ENV UID=991 GID=991 \
-    RAILS_SERVE_STATIC_FILES=true \
+ARG UID=991
+ARG GID=991
+
+ENV RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production NODE_ENV=production

 ARG YARN_VERSION=1.3.2
@@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
 && yarn --pure-lockfile \
 && yarn cache clean

-COPY . /mastodon
-
-COPY docker_entrypoint.sh /usr/local/bin/run
+RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon

-RUN chmod +x /usr/local/bin/run
+COPY --chown=${UID}:${GID} . /mastodon

 VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs

-ENTRYPOINT ["/usr/local/bin/run"]
+USER mastodon
+
+ENTRYPOINT ["/sbin/tini", "--"]
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
-#!/bin/sh
-
-### 1. Adds local user (UID and GID are provided from environment variables).
-### 2. Updates permissions, except for ./public/system (should be chown on previous installations).
-### 3. Executes the command as that user.
-
-echo "Creating mastodon user (UID : ${UID} and GID : ${GID})..."
-addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
-
-echo "Updating permissions..."
-find /mastodon -path /mastodon/public/system -prune -o -not -user mastodon -not -group mastodon -print0 | xargs -0 chown -f mastodon:mastodon
-
-echo "Executing process..."
-exec su-exec mastodon:mastodon /sbin/tini -- "$@"